remove ScopedCredentialInfo.publicKey; use "credential public key" term consistently #235
… consistently. Fixes #94
@@ -531,7 +537,6 @@ authorizing an authenticator with which to complete the operation. | |||
[SecureContext] | |||
interface ScopedCredentialInfo { | |||
readonly attribute ScopedCredential credential; | |||
readonly attribute CryptoKey publicKey; |
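Review bot: With `publicKey` dropped from `ScopedCredentialInfo`, the IDL lines shown here no longer tell a reader where a relying party obtains the credential public key. Suggest adding a sentence to the interface description that points to the credential public key in the attestation data of authenticatorData, using the term this PR standardizes on, and checking that no remaining prose or typedef still refers to `CryptoKey`.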
Should also delete lines 165-168 since there are no longer any references to CryptoKey or JsonWebKey left in this spec.
doh. thx :) See new commit.
Can't we remove CryptoKey as well?
sorry. yes. see new commit. thx.
I've made some updates to this PR #235 and have also stashed a textual diff of this PR from the current state of the master branch here. Please review.
@@ -1670,8 +1676,8 @@ with the fields of the attestation certificate's extension data. | |||
- Verify that {{AndroidKeyAttestation/signature}} is a valid certificate chain, consisting of a time-valid X.509 certificate | |||
chaining up to a trusted attestation root key. | |||
|
|||
- Verify that the public key in the attestation certificate matches the credential public key in the attestation data field | |||
of the given <a>authenticatorData</a>. | |||
- Verify that the public key in the attestation certificate matches the <a>credential public key</a> in the attestation |
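Review bot: "matches" in the rewritten step is not defined, and "the attestation certificate" is ambiguous because the preceding bullet describes {{AndroidKeyAttestation/signature}} as a certificate chain. Suggest naming the leaf certificate of that chain explicitly and stating what is compared, for example the algorithm and key parameters after both keys are decoded, since the certificate carries its key as an X.509 SubjectPublicKeyInfo while the credential public key in the attestation data may use a different encoding.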
Suggestion based on earlier email thread: "attestation certificate" could be replaced with something like "leaf certificate in the chain represented by {{AndroidKeyAttestation/signature}}".
ok, thx, will address this.
One editorial suggestion which captures something we also discussed before. Other than that this LGTM.
This PR removes important functionality. Right now, it is possible for a RP to use this API without any knowledge of attestation formats (as long as it's willing to believe the browser that the key is good enough). With this PR, the RP can now only interoperate with an authenticator if it understands the attestation format produced by that authenticator, and it has to have code to process all the attestation formats on its critical path, before it can even look at the public key. Those seem like pretty serious constraints on interoperability and usability, so I'm inclined to close this PR.
Hi @bifurcation (Richard), thx for the review. @bifurcation wrote:
actually, that is no longer the case since PR #161 "make attestation more modular" which added this section..
..and which specifies (via the table therein) a common format for conveying AAGUID and CredID and pubkey alg & encoding and attested public key, across all attstn formats. Thus an RP may still, if it accepts the risk, simply pluck the attested public key from the attestation statement without understanding the various attstn formats (which remains necessary if the RP wishes to verify the attstn signature). Additionally, this PR normalizes terminology, which we would want/need to do in any case.
Ok, have addressed @vijaybh's comment above. Would be good to have @rlin1 check the new language in {#android-key-attestation}. The generated index.html likely has some dangling hyperlinks, at least it does when processed via the 'cloud (i.e., latest) bikeshed' -- we can fix these later I trust (they also exist in other branches I'm working on).
I have fixed the dangling hyperlinks I've experienced in other branches I'm working on.
webauthn 9-Nov meeting minutes https://www.w3.org/2016/11/09-webauthn-minutes.html has this regarding this PR: We are now discussing PR #235 Alexei has been busy and not gotten to this, and we wish to get WD-03 published, and @vijaybh is ok with merging this, so am doing so. If there's issues with it, please file new issues, and we can address in another WD update.
Fixes #94